From owner-freebsd-questions@FreeBSD.ORG Sat Aug 25 23:07:14 2007 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7622516A417 for ; Sat, 25 Aug 2007 23:07:14 +0000 (UTC) (envelope-from mich.admin@mail.ru) Received: from batman.mns.ru (batman.mns.ru [80.70.224.14]) by mx1.freebsd.org (Postfix) with ESMTP id 329D713C46C for ; Sat, 25 Aug 2007 23:07:13 +0000 (UTC) (envelope-from mich.admin@mail.ru) Received: from [192.168.0.27] ([192.168.0.27]) by batman.mns.ru with esmtp; Sun, 26 Aug 2007 02:57:10 +0400 id 00028E7D.46D0B3C6.00000954 Message-ID: <46D0B3C5.8000905@mail.ru> Date: Sun, 26 Aug 2007 02:57:09 +0400 From: Miz0 User-Agent: Thunderbird 1.5.0.12 (Windows/20070509) MIME-Version: 1.0 To: freebsd-questions@freebsd.org Content-Type: text/plain; charset=KOI8-R; format=flowed Content-Transfer-Encoding: 7bit Subject: TCP packets don't flow from external hosts to WinVista clients behind nat X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 25 Aug 2007 23:07:14 -0000 Hello... I've got a strange trouble... FreeBSD 6.2 amd64 as nat-router: rl0 85.249.249.249 -> ISP fxp0 10.0.0.1 -> My Internat Net natd/ng_nat ipfw: allow all from any to any WinXP client machines work fine behind nat, but WinVista, FreeBSD (5.5/6.2) clients don't. It's very strange but it's unable to establish any TCP internet connection from non WinXP host. ICMP and UDP packets flows normally. For example, I can ping host ya.ru, get DNS-reply from internet servers, play games via UDP, but i can't view web pages, open shh session and just can't "telnet" to any port!!!! Traffic from/to my net is not filtering by firewalls at all. I've tested it with natd ang ng_nat - there's no difference! I've tried to solve this problem during last week =( Unfortunately, i can't. Now i'm going to try using pf or ipfilter instead of ipfw or ever reinstall server OS and may be change freebsd architecture to i386. Any ideas ? P.S.Sorry for my bad english.